Wednesday, February 1, 2012

10 thoughts for your mobile device policy

According to a recent survey, there are 324.3M mobile devices in the United States. Let that number sink in. It equates to 1.025 mobile devices per American. And, according to another recent survey, 46% of all American those mobile devices are smartphones. This number does not even account for the number of iPads and other tablets.

In other words, your employees are connected all the time, both at, and away from work. It also means you need to have a policy to account for this penetration of mobile devices.

Here are 10 questions for you to think about in drafting (or revising) your mobile device policy:

Do you allow for your employees to connect personal devices to your network? Or do you limit network connectivity to employer-provided devices? And, where is the data stored, on the device itself, or remotely? The answer to these questions will not only impact the security of your network, but also dictate which mobile devices and OSs will your company support.

Do you permit employees to use mobile devices in the workplace? It’s difficult to require employees to check their devices at the door. But, if you have safety-sensitive positions, you should consider protecting these employees from the distractions mobile devices cause.

Who pays for the device, not just at its inception, but also if it is lost or broken and needs to be replaced? If you require your employees to reimburse for lost phones, state wage payment laws may limit your ability to recoup via a paycheck deduction.

And, do employees have an expectation of privacy as to data transmitted by or stored on the device? Do you tell employees that their expectation of privacy is limited or non-existent? Are you tracking employees via GPS, and, if so, are you telling them? In light of last week’s ruling in U.S. v. Jones, limiting employees’ expectation of privacy is more important than ever.

For non-exempt employees, do you permit mobile devices to be used for business purposes, and if so, do you prohibit their use during non-working hours? Otherwise, you might be opening your organization up to a costly wage and hour claim.

Do employees know what to do if a device is lost or stolen? Do you have the ability to remote-wipe a lost or stolen device? Even if you have the ability to remote-wipe a device (and if you don't, you should), your employees will prevent a remote wipe if their first call upon losing a device is to Verizon (which will deactivate the phone) instead of your IT department.

Do you prohibit employees from jailbreaking their iPhones or rooting their Androids? These practices void the phone’s warranty. Also, consider banning the installation of apps other than from the official iTunes App Store or Android Market. It will limit the risk of the installation of viruses, malware, and other malicious code on the devices.

Are devices required to be password-protected? It will provide an extra layer of protection if the device is lost or stolen. Also, your industry might dictate an added layer of protection. Do you employ lawyers or medical professionals, for example? If so, ethical rules or HIPAA might mandate password locks.

Do you forbid employees from using their mobile devices while driving? 35 states (but not yet Ohio) have a laws that bans some type of mobile device use while driving. It is safe to assume that the other 15 states will soon join in. Even if your state is not included, do the right thing by suggesting your employees be safe while operating their vehicles.

How does your policy interact with other policies already in existence? Your mobile device policy should cross-reference your harassment, confidentiality, and trade secrets policies, all of which are implicated by the use of mobile technology.

Disclaimer

This blog is for informational and educational purposes only. It does not constitute legal advice, and is not intended to create an attorney-client relationship. Further, your use of this blog does not create an attorney-client relationship. Online readers should not act upon any information presented on this blog without seeking professional legal counsel. The legal information provided in this blog is general and should not be relied on as legal advice, which I cannot provide without full consideration of all relevant information relating to one's individual situation.

The author apologizes for any factual or other errors in this blog. If you believe that some content is inaccurate, false, disparaging, slanderous, libelous, or defamatory, please post a comment or contact me; I will consider editing existing content, removing that content, or posting a retraction. Information herein is provided on an "as is" or "as available" basis; we make no warranty of any kind to you regarding the information provided and disclaim any liability for damages from use of the blog or its content.